MacOS – ntpd and incoming connections on OS X client

firewall macos ntp

I recently received a dialog box on my MacBook Air (10.9.2 Client) asking "Do you want the application “ntpd” to accept incoming network connections?". I have OS X's firewall enabled.

Now, my understanding is that ntpd on OS X Client is only for setting local machine time from a remote NTP server. It should not be acting as a time server for anyone else, so accepting (presumably new, not established) incoming connections should not be necessary.

I was wondering if my machine was being hit by a rogue machine on the network attempting (or a victim of) the NTP server packet amplification attacks that have been going on recently?

Best Answer

I cannot say for certain; however, from reading this notice from NTP.ORG about a DRDoS attack, I suspect someone is attempting to use your (and my) machine's NTP server for bad business. I'm clicking the "Deny" button for accepting network connections and will go through these configuration instructions later.

Here's the opening paragraph of the notice:

NTP users are strongly urged to take immediate action to ensure that their NTP daemon is not susceptible to use in a reflected denial-of-service (DRDoS) attack. Please see the NTP Security Notice for vulnerability and mitigation details, and the Network Time Foundation Blog for more information. (January 2014)
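As an added example (not part of the original answer or of the NTP.ORG notice), here is one way to check whether an ntpd configuration still answers remote status queries, the behaviour a reflection attack relies on. It assumes the standard ntp.conf `restrict` syntax with the `noquery` and `ignore` flags; the sample configurations are constructed, and `includefile` directives and the `0.0.0.0 mask 0.0.0.0` spelling of the default entry are not followed.

```python
"""Audit ntp.conf text: do the default restrictions block remote queries?"""

# restrict flags that stop ntpd answering ntpq/ntpdc queries from a source
BLOCKING_FLAGS = {"noquery", "ignore"}

# Constructed sample configurations (not taken from any real host).
HARDENED = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1          # localhost may still query
server time.example.com
"""
OPEN = """\
restrict default nomodify notrap   # queries still answered
server time.example.com
"""


def default_restrict_lines(conf_text):
    """Yield (line_no, family, flags) for each 'restrict default' directive."""
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tokens or tokens[0] != "restrict":
            continue
        args, family = tokens[1:], "any"
        if args and args[0] in ("-4", "-6"):     # optional address family
            family, args = "ipv" + args[0][1], args[1:]
        if args and args[0] == "default":
            yield line_no, family, set(args[1:])


def audit(conf_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings, seen_default = [], False
    for line_no, family, flags in default_restrict_lines(conf_text):
        seen_default = True
        if not flags & BLOCKING_FLAGS:
            findings.append(f"line {line_no}: restrict default ({family}) lacks noquery")
    if not seen_default:
        findings.append("no 'restrict default' line: remote queries are unrestricted")
    return findings


if __name__ == "__main__":
    for name, conf in (("HARDENED", HARDENED), ("OPEN", OPEN)):
        print(name, audit(conf) or "ok")
```

A clean result only covers the file that was parsed; the firewall prompt in the question is a separate control and denying it remains a reasonable choice for a client that only sets its own clock.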